Re: draft-pearson-securemail-02.txt

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On May 3, 2008, at 3:44 PM, Frank Ellermann wrote:

> SM wrote:
>
>> SenderID and SPF does not authenticate the sender.
>
> For starters they have different concepts of "sender", PRA and  
> envelope sender, and RFC 4408 section 10.4 offers references (AUTH +  
> SUBMIT) for folks wanting more.

Agreed.  Neither SenderID or SPF offers authentication.  Both of these  
schemes provide a method for domains to _authorize_ IP addresses used  
by SMTP clients.  This can not be described as authentication since  
SMTP clients are often shared by more than one domain.  This scheme is  
fully dependent upon secure routing through questionable boundary  
issues.  In addition to the section 10.4 references, DKIM is another  
possible choice.

-Doug 
   
_______________________________________________
IETF mailing list
IETF@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]